HD Moore of Rapid7 discovered a symlink attack in Wget, a command-line utility to retrieve files via HTTP, HTTPS, and FTP. The vulnerability allows arbitrary files to be created on the user's system when Wget runs in recursive mode against a malicious FTP server. Arbitrary file creation may overwrite the content of the user's files or permit remote code execution with the user's privileges. This update changes th ...
A regression in the decoding of chroma-subsampled images in OpenJPEG was introduced by one of the patches for CVE-2013-6045. This update fixes the regression. For reference, the original text of DSA-2808-1 is reproduced below: Several vulnerabilities have been discovered in OpenJPEG, a JPEG 2000 image library, that may lead to denial of service via application crash or high memory consumption, po ...
A library for programmatically editing configuration files. Augeas parses configuration files into a tree structure, which it exposes through its public API. Changes made through the API are written back to the initially read files. The transformation works very hard to preserve comments and formatting details. It is controlled by "lens" definitions that describe the file format and the transfor ...